Vulnerabilities in GPS tracker could have “life-threatening” implications
Researchers at BitSight have discovered six vulnerabilities in the MiCODUS MV720 GPS tracker, a popular vehicle tracking device. The vulnerabilities are severe enough for the Cybersecurity & Infrastructure Security Agency (CISA) to publish a Security Advisory titled ICSA-22-200-01: MiCODUS MV720 GP...
Google ads lead to major malvertising campaign
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream and targets some of the world's top brands. Case in point, we recently uncovered a malvertising cha...
Another ransomware payment recovered by the Justice Department
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The seized funds, amounting to half a million US dollars, include ransoms paid by health care...
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one in which Facebook has just got the upper hand. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of...
Ring shares data with police without consent (but it’s in good faith), says Amazon
Ring, the Amazon-owned company behind the popular smart doorbells, has admitted to giving doorbell data to law enforcement willy-nilly. All they have to do is fill out a form called the Amazon Law Enforcement Request Tracker—no need to ask for the data owner's consent, give a warrant or court orde...
Fraudulent cryptocurrency investment apps are duping investors
Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince...
PayPal phishing campaign goes after more than just your login credentials
A new phishing campaign targeting PayPal users aims to get extensive data from potential victims. The data it's after includes government documents like passports, as well as selfie photos. In a nutshell, it's an extensive form of information theft, the likes of which could result in someone's identi...
Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!
WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows "unauthenticated arbitrary file...
Roblox breached: Internal documents posted online by unknown attackers
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data they've collected. Nobody knows if they've exhausted their newly-plundered...
The FTC will go after companies misusing location, health, and other sensitive data
After the overturning of Roe v. Wade, many feared that using, having access to, and sharing reproductive and sexual health data—once done freely—would be outlawed with the practice of abortion in many states. To protect such data from falling into the wrong hands, Congresswoman Sara Jacobs D-CA...
Roe v. Wade: How the cops can use your data: Lock and Code S03E15
On the evening of June 23, in the United States, millions of women went to bed with a Constitutional right to choose to have an abortion, and they went to bed with the many assurances that are tied to that right—to speak about getting an abortion, to organize and provide support to those seeking...
Extortionists target restaurants, demand money to take down bad reviews
Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised a...
A week in security (July 11 – July 17)
Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks; Predatory Sparrow massively disrupts steel factories while keeping workers safe; New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs; China’s Tonto Team increases...
Elden Ring maker Bandai Namco hit by ransomware and data leaks
It's not been a great couple of months for gaming giant Bandai Namco. The name behind smash hit titles like Elden Ring and Dark Souls has endured a long run of cheats and hacks. Hacking concerns led to Remote Code Execution issues, and multiplayer features in Souls titles were disabled for months...
Predatory Sparrow massively disrupts steel factories while keeping workers safe
Stuxnet's attack on Iran's uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts i...
New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs
Security researcher Maxime Ingrao has found a new variant of Android/Trojan.Spy.Joker which he's dubbed Autolycos. Malware in this family secretly subscribes users to premium services. The researcher noted that the eight applications that contained this malware had racked up a total of over 3...
China’s Tonto Team increases espionage activities against Russia
According to analyses of several cybersecurity firms and CERT (Computer Emergency Response Team) Ukraine (CERT-UA), the state-sponsored threat actor group Tonto Team, which has been linked to China-backed cyber operations, is ramping up its spying campaign against Russian government agencies. The...
Endpoint security for Mac: 3 best practices
If you’re one of the 50% of small and medium-sized businesses (SMBs) that use Mac devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor. Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that...
Low-income consumers preyed on by fake ISP during pandemic, FCC says
The FCC (Federal Communications Commission) has proposed a fine of $220,210 against Kyle Traxler of Ohio for allegedly establishing the bogus internet provider, Cleo Communications, to scam low-income consumers. The victims believed they were receiving government-approved discounts on internet...
Ransomware rolled through business defenses in Q2 2022
Ransomware has given security professionals a headache for the better part of a decade. Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. Over the last three months, ransomware gangs have increased the pressur...
Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities ...
WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info
WhatsApp boss Will Cathcart is warning users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps packing a hidden punch in the form of malware. Outside the safety of the walled garden App stores do whatever they can to try and prevent bogus...
Update now—July Patch Tuesday patches include fix for exploited zero-day
It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency CI...
Fake streamed cricket matches knocks victims for six
An incredible scam which resembles hidden camera prank shows has been shut down by police. Four men were arrested last week in connection with the con-job involving fake cricket and online betting. It begins in Russia, takes a trip to India, and ends up back in Russia. Here's how it unfolded:...
PyPI starts rolling out required 2FA for important projects
The Python Package Index (PyPI) says it has begun rolling out a two-factor authentication (2FA) requirement which enforces maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers' ecosystem. Python repository PyPi i...
Insecure password leads to Mangatoon data breach
The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesn't seem to be responding to messages from the breacher, or people notifying it that the...
A week in security (July 4 – July 10)
Last week on Malwarebytes Labs: My Body, My Data Act would lock down reproductive and sexual health data; "Free UK visa" offers on WhatsApp are fakes; HackerOne insider fired for trying to claim other people’s bounties; Update now! Chrome patches ANOTHER zero-day vulnerability; Cloud-based malware is...
Europe threatens to ban Facebook over data transfers to the US
If regulators have their way, data transfers from Facebook and Instagram between Europe and the United States could stop this summer. WhatsApp, another Meta service, will not be affected by the decision as it has a different data controller within Meta. This could force Meta, Facebook's parent...
Microsoft appears to be rolling back Office Macro blocking
We're seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier...
Tech support scammers caught by their own cameras
A YouTuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers. CCTV The YouTuber, acting under the handle Scambaiter, turned his attention to Punjab in...
4 ways businesses can save money on cyber insurance
So, your business has just suffered a data breach and it’s time to dig deep in your pockets to pay all the resulting expenses. Without cyber insurance, you can expect to pay a dizzying amount of cash. In 2022 alone, the average cost of a data breach for businesses under 1,000 employees was close ...
North Korean APT targets US healthcare sector with Maui ransomware
State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the...
How the FBI quietly added itself to criminals’ instant message conversations
Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence. Operation Trojan Shield The US Federal Bureau of...
Fake job offer leads to $600 million theft
Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and...
YouTube AI wrongfully flags horror short “Show for Children” as suitable for children
When content creators flag one of their own videos as inappropriate for children, we expect YouTube's AI moderator to accept this and move on. But the video streaming bot doesn't seem to get it. Not only can it prevent creators from correcting a miscategorization, its synthetic will is also final—n...
Report: Brazil must do more to encrypt, back up data
Federal government organisations in Brazil may need to reassess their approach to cyberthreats, according to a new report by the country's Federal Audit Court. It outlines multiple key areas of concern across 29 key areas of risk. One of the biggest problems in the cybercrime section of the report...
Apple Lockdown Mode helps protect users from spyware
Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as "mercenary spyware." This includes people like journalists and human rights advocates, who are often targeted by...
Verified Twitter accounts phished via hate speech warnings
Verified Twitter accounts are once again under attack from fraudsters, with the latest phish attempt serving up bogus suspension notices. Hijacking verified accounts on any platform is a big win for fraudsters. It gives credibility to their scams, especially when the accounts have large following...
Discord Shame channel goes phishing
A variant of a popular piece of social media fraud has made its way onto Discord servers. Multiple people are reporting messages of an "Is this you" nature, tied to a specific Discord channel. is this a new discord scam or something? someone I haven’t spoken to in years randomly sent me this and...
IconBurst software supply chain attack offers malicious versions of NPM packages
Researchers discovered evidence of a widespread software supply chain attack involving malicious JavaScript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short fo...
Google to delete location data of trips to abortion clinics
The historical overturning of Roe v. Wade in June prompted lawmakers and technology companies to respond with deep concern over the future of data. Google is one of those companies. In a post to "The Keyword" blog last week, Google said it will act further in protecting its users' privacy by...
TikTok is “unacceptable security risk” and should be removed from app stores, says FCC
Brendan Carr, the commissioner of the FCC (Federal Communications Commission), called on the CEOs of Apple and Google to remove TikTok from their app stores. In a letter dated June 24, 2022, Carr told Tim Cook and Sundar Pichai that "TikTok poses an unacceptable national security risk due to its...
Cloud-based malware is on the rise. How can you secure your business?
There’s a lot of reasons to think the cloud is more secure than on-prem servers, from better data durability to more consistent patch management — but even so, there are many threats to cloud security businesses should address. Cloud-based malware is one of them. Indeed, while cloud environments...
Update now! Chrome patches ANOTHER zero-day vulnerability
Google has released version 103.0.5060.114 for Chrome, now available in the Stable Desktop channel worldwide. The main goal of this new version is to patch CVE-2022-2294. CVE-2022-2294 is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component whic...
HackerOne insider fired for trying to claim other people’s bounties
The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne HackerOne acts...
When good-faith hacking gets people arrested, with Harley Geiger: Lock and Code S03E14
When Lock and Code host David Ruiz talks to hackers—especially good-faith hackers who want to dutifully report any vulnerabilities they uncover in their day-to-day work—he often hears about one specific law in hushed tones of fear: the Computer Fraud and Abuse Act. The Computer Fraud and Abuse Ac...
Insider Threat: Employees indicted for stealing $88 million of license keys
Two insiders and an accomplice were indicted on Tuesday for multiple counts of fraud. According to documents unsealed by the Western District of Oklahoma, a grand jury charged Raymond Bradley Pearce aka Brad Pearce, a former employee of Avaya; Dusti O. Pearce, his wife; and Jason M. Hines aka Joe...
5 pro-freedom technologies that could change the Internet
In the digital era, freedom is inextricably linked to privacy. After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. We have already lost a lot of control over who and what has access to our data, and there are further threats to...
“Free UK visa” offers on WhatsApp are fakes
A student friend recently shared a WhatsApp message, unsure if it was a scam. The message claims to offer an easy route to free visas, housing, accommodation, and medicine access. Here's how we know it was a scam, and where it led. It read as follows: UK GOVERNMENT JOB RECRUITMENT 2022: This is...
My Body, My Data Act would lock down reproductive and sexual health data
A new bill entered into both the House of Representatives and the Senate proposes the strongest Federal data privacy protections yet for an increasingly scrutinized form of data in the United States—reproductive and sexual health data. The “My Body, My Data Act of 2022” was announced in early Jun...